Escolar Documentos
Profissional Documentos
Cultura Documentos
Privacy
Keeping your information private
Integrity
Knowing that the information has not been changed
Authenticity
Knowing who sent the information
Privacy
Your personal details are a valuable asset
Businesses are increasingly looking to
target individuals more effectively, data
about those individuals is in demand
Buying and selling lists of email addresses
and demographic details is big business
Integrity
Maintaining the data integrity of any
communication is vital.
Integrity can be preserved by using strong
encryption methods.
Even if an intruder see the transmission, it
would be useless since its encrypted.
Authentication
We need to authenticate a message to
make sure it was sent by the correct
person.
- Digital signature is used for the purpose
- Public key , Private key method can also
be used to authenticate.
Authentication , Continued…
Most of us use webmail for email handling.
From: billgates@microsoft.com
To: recipient@yahoo.com
Subject: Hi from Bill Gates
Malicious websites
China - 67%
US - 15%
Russia - 4%
Malaysia - 2.2%
Korea - 2%
Malicious websites
Preventive measures
- Use latest browser software
- Internet Explorer version 7+
- Mozilla Firefox
- Opera
Internet Explorer 6 is the most vulnerable as
well as the most widely used browser.
It is highly recommended to upgrade from IE 6
SPAM
Spam is unsolicited e-mail on the Internet.
We are delighted to inform you of your prize release from the United Kingdom
International Lottery program. Your name was attached to Ticket number;
47061725, Batch number; 7056490902, Winning number; 07-14-24-37-43-48 bonus
number 29, which consequently won the lottery in the first category....
-------------------------------------------
419 Nigerian Scams
The email asks to send an advance
payment to the lottery so that they can
release the prize money.
Lots of naive users get fooled by the
scammers and end up wasting their
money.
419 Nigerian Scams
Prevention:
This email was sent by the Citibank server to verify your E-mail
address. You must complete this process by clicking on the link
below and entering in the small window your Citibank ATM/Debit
Card number and PIN that you use on ATM.
Instead of,
http://www.citibank.com/us/index.htm
Phishing
Landing Page
Phishing
- Unwitting users submit the data, and the
data is captured by scammers and all the
money in their account will be stolen
immediately.
- This method is the main reason for loss of
email passwords also.
Denial of Service
It is an attack to make a computer resource
unavailable to its intended users.
Resources:
- Bandwidth & CPU
Distributed DOS
A powerful variant of DOS attack.
Botnet
Admin
Bot
Spammer
Botnets
1.A botnet operator sends out viruses or worms, infecting
ordinary users' computers, whose payload is a malicious
application -- the bot.
2.The bot on the infected PC logs into a particular IRC
server (or in some cases a web server). That server is
known as the command-and-control server (C&C).
3.A spammer purchases access to the botnet from the
operator.
4.The spammer sends instructions via the IRC server to the
infected PCs causing them to send out spam messages
to mail servers.
Botnets
A botnet's originator (aka "bot herder") can
control the group remotely, usually through a
means such as IRC.
Action plan:
Microsoft update to the Windows Malicious Software Removal Tool (MSRT)
may have helped reduce the size of the botnet by up to 20%.
But, most of the Windows systems are not configured for Automatic
updates.
Consider our country as example, where most home users use pirated
copies of windows.
Pirated copies will get disabled when updated online,becasue of Windows
Genuine Advantage (WGA) program.
More Botnets
Name Size Spam sent / day
SRIZBO 315,000 60 billion
BOBAX 185,000 9 billion
RUSTOCK 150,000 30 billion
CUTWAIL 125,000 16 billion
GRUM 50,000 2 billion
OZDOK 35,000 10 billion
NUCRYPT 20,000 5 billion
WOPLA 20,000 600 million
SPAMTHRU 12,000 350 million
Botnet Attacks
Example 1:
Cyber Assault on Estonia
government
banks
telecommunications companies
Internet service providers
news organizations
Botnet Attacks
Example 1:
Attack effectively shut down email systems and online
banking.
So,
Cyber wars <= DDOS <=Botnets <=Virus/Worm <= Ignorant web user
Take Action
If everyone keep their systems secure, such
threats can never happen.
www.419eater.com
www.antiphishing.org
Web Security
This presentation can be downloaded from
www.bharath.name